Security and Communication Networks
Volume 2018 (2018), Article ID 3614093, 17 pages
https://doi.org/10.1155/2018/3614093
Research Article

Network Intrusion Detection with Threat Agent Profiling

Faculty of Science, Pavol Jozef Šafárik University in Košice, Košice, Slovakia

Correspondence should be addressed to Pavol Sokol; pavol.sokol@upjs.sk

Received 13 November 2017; Accepted 8 February 2018; Published 25 March 2018

Academic Editor: Jesús Díaz-Verdejo

Copyright © 2018 Tomáš Bajtoš et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Abstract

With the increase in usage of computer systems and computer networks, the problem of intrusion detection in network security has become an important issue. In this paper, we discuss approaches that simplify a network administrator’s work. We applied clustering methods for security incident profiling. We consider the k-means, PAM, and CLARA clustering algorithms. For this purpose, we used data collected in the Warden system from various security tools. We do not aim to differentiate between normal and abnormal network traffic; instead, we focus on grouping similar threat agents based on attributes of security events. We suggest a case of a fine classification and a case of a coarse classification and discuss the advantages of both cases.